Why are we not giving a UI based configuration? This should be a multi-tenanted configuration right?
On Thu, Jul 14, 2016 at 3:17 PM, Hasanthi Purnima Dissanayake < [email protected]> wrote: > Hi Isura, > > Yes when we mark 'all' in the xml for scope 'openid' it behaves as the > previous way. We need to rethink whether it is the correct behavior as it > is sending all the claims without considering other scopes. So other scopes > become useless. How ever yes, we are using 'openid' scope to behave it as > the previous way. > > Thanks, > > Hasanthi Dissanayake > > Software Engineer | WSO2 > > E: [email protected] > M :0718407133| http://wso2.com <http://wso2.com/> > > On Thu, Jul 14, 2016 at 2:28 PM, Isura Karunaratne <[email protected]> wrote: > >> Hi Hasanthi, >> >> What is the default behaviour of claims of the openid scope? I think it >> should be "all". >> >> Thank >> Isura. >> >> On Thu, Jul 14, 2016 at 11:08 AM, Hasanthi Purnima Dissanayake < >> [email protected]> wrote: >> >>> I'm implementing the $subject and the plan is as below. >>> >>> 1. The scopes and supported claims will be defined in identity.xml as >>> below. >>> <OpenIDConnect> >>> <scopes> >>> <scope id="openid"> >>> <claims>sub</claims> >>> </scope> >>> <scope id="email"> >>> <claims>email,email_preferred</claims> >>> </scope> >>> <scope id ="profile"> >>> <claims>name, family_name, given_name, middle_name, nickname, >>> preferred_username, profile, picture, website, gender, birthdate, zoneinfo, >>> locale, updated_at</claims> >>> </scope> >>> <scope id="phone"> >>> <claims>phone_number, phone_number_verified</claims> >>> </scope> >>> <scope id="address"> >>> <claims>address,street</claims> >>> </scope> >>> </scopes> >>> </OpenIDConnect> >>> >>> >>> 2. If there are any requested claims, the requested claims will be >>> issued ignoring the scope when the claims of the openid scope has been >>> configured as *all* in identity.xml. The requested claims will be >>> issued considering the scopes when the claims of the openid scope has been >>> configured as *sub* in identity.xml >>> >>> 3. If there are no requested claims, according to the above >>> configurations the matching claims will be issued from the user info >>> endpoint according to the scope. >>> eg1: If the user requested openid email scope the claims will be >>> sub,email,email_preferred (When the claims of the openid scope has been >>> configured as *sub* in identity.xml). >>> eg2. If the user requested openid email scope the claims will be {all >>> the mapped attributes},email,email_preferred (When the claims of the openid >>> scope has been configured as *all* in identity.xml). >>> >>> Any suggestions will be highly appreciated. >>> >>> Thanks, >>> >>> Hasanthi Dissanayake >>> >>> Software Engineer | WSO2 >>> >>> E: [email protected] >>> M :0718407133| http://wso2.com <http://wso2.com/> >>> >>> _______________________________________________ >>> Architecture mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> >> *Isura Dilhara Karunaratne* >> Senior Software Engineer | WSO2 >> Email: [email protected] >> Mob : +94 772 254 810 >> Blog : http://isurad.blogspot.com/ >> >> <https://wso2.com/signature> >> >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Thanks & Regards, *Johann Dilantha Nallathamby* Technical Lead & Product Lead of WSO2 Identity Server Governance Technologies Team WSO2, Inc. lean.enterprise.middleware Mobile - *+94777776950* Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
